I just discovered this website and I love it; it's a pleasure to be part of this small cave of bitcoiners. I'll start with the following topic to see your opinions.
I am delving into the world of self-custody and learning about all the security schemes you can have when storing your bitcoin. It is truly spectacular to see how many layers you can add to feel secure.
I am thinking of having a Seed Signer with a 24-word mnemonic phrase created with a coin, using a binary system, and also adding a passphrase.
Do you consider this sufficient?
10 sats \ 1 reply \ @ChrisS 19 May
My choice would be a coldcard with the seed generated by dice rolls. I wont say seedsigner is a bad option because I have one and its an awesome project but just be aware that the rasp pi is a general purpose computer with a bigger attack surface than a piece of hardware specifically designed for storing private keys like the coldcard. If you want to build your own, this is a project with more hardware options to build on that are better (in my opinion) and cheaper than a rasp pi. https://selfcustody.github.io/krux/. But again the attack surface is still bigger when you use hardware that is not specifically designed to store private keys.
reply
Thank you very much, I will take a look at the options you mentioned. I believe studying all the possibilities and understanding them well is a must, so I will get to it! Let's see what I end up choosing in the end! 👍
reply
You can improve entropy using dice. Love the SeedSigner!
Dig into @DarthCoin's resources!
Welcome!
Stack Sats and stay humble.
reply
The option of the dice, from what I'm seeing, is one of the options with more randomness and security, I don't know, I'm going to evaluate it well! Thank! 🤙
reply
Welcome to the sat party!
Depends on preference, tech savyness, comfortability, inheritance, etc. I chose multisig self custody for me and my families wealth. I feel others in my family will be able to figure it out!
reply
Do you use a multisig between you and your family? That's great! The only problem I see is that you depend on the responsibility of the other person who has access to that signature to access your funds...
Perhaps, although it's more technical, it would be interesting to add a mini-script that, if after a certain number of blocks, it can be moved with one of the two signatures, just in case one of them is lost.
I know it can be done, but I've never done it myself. Thank you very much for your response!
reply
I believe Seed Signer may be the best solution out there, but it can be good to have a second hardware device to independently confirm generated addresses on.
reply
If you insist on having a passphrase, I would go with 12 word mnemonic. Combined, they provide more than enough entropy.
reply
Yes, totally agree. 12 word mnemonic + passphrase should be enough. Thanks!
reply
0 sats \ 1 reply \ @Lumor 19 May
But if you are planning to only keep the passphrase in you brain, think about the consequences for your loved ones. I avoid passphrases if possible for this reason.
(Every passphrase generates a unique set of private keys so if one only has the 12 words with an unknown passphrase, it's game over).
reply
Absolutely agree with you! I think adding a passphrase is a very important extra layer of security, but it can also be dangerous if you're not prepared to create and store that passphrase correctly. Of course, memorizing it is not an option for me, you never know when you might bump your head on a curb and forget everything 😂
Created with a coin - you mean flipping a coin, heads or tails? I haven't heard of that idea. Dice rolls seem to be a lot more popular. I wouldn't do anything that's so non-standard.
The Seedsigner, and the Seedsigner community is great. It's funny how little you hear about it considering what an awesome little device it is. I guess it's the fact that they have no marketing department.
I'm torn on the whole passphrase or not idea. It seems equivalent to a 2 of 2 multisig. What makes you incline that way? I assume the seed phrase and passphrase would be stored separately?
reply
Hey! Yeah, Seed Signer has done an amazing job.
The coin flipping method to derive a mnemonic phrase essentially serves the same purpose as dice rolling, which is to manually generate your mnemonic phrase. With the coin, you toss it and record either a 1 or a 0. Eventually, you end up with a sequence of 12 or 24 binary numbers based on that random outcome, and you then match it to the corresponding word in the BIP39 list, where mnemonic phrases are sourced from.
And the passphrase essentially acts as an extra layer of security. By adding a passphrase, it protects you if your mnemonic phrase is compromised, since the private key is completely different. Using just the mnemonic grants access to one private key, while using the mnemonic plus passphrase grants access to another.
Hope that's clear, and sorry for going into so much detail!
reply
Welcome.
Glad you are enjoying SN. It's a great community. Looking forward to more of your posts.
reply
For now, I'm super happy; the reception I've had has been spectacular. I'll be posting some things about Bitcoin and trying to delve into the technical topics as I learn them. Thanks!
reply
0 sats \ 1 reply \ @Fabs 19 May
Get yourself a Bitbox02 BTC-only, set up a personal node, and you're good.
reply
I've been reading about the Bitbox, and I definitely think it's an option to consider. On the other hand, I'm also contemplating the option of setting up a node. Thanks for your message!
reply
It is good enough. As long as you dont forget the phrases, you will be fine.